The Hacker News — Cyber Security, Hacking, Technology News

Twitter, one of the biggest social media platforms and a vital communication channel, has been blocked in Turkey for the last few days, after Prime Minister Recep Tayyip Erdoğan promised during an election rally this week to root out the service with the help of a court order.

“Twitter and so on, we will root them out. The international community can say this or that – I don’t care. They will see the power of the Turkish Republic.”

After the ban was imposed on Twitter late on Thursday, millions of Turkish users switched to Google's public DNS service to bypass the censorship, which briefly kept them connected to Twitter.

The ban was initially enforced through the ISPs' DNS resolvers, which is why pointing a device at a third-party resolver was enough to get around it. The Turkish government is trying to close every loophole that let users circumvent the ban, and today the authorities also blocked Google's DNS service (8.8.8.8 and 8.8.4.4) at the IP level. Even so, the number of tweets from the country jumped 138% in the last 24 hours, with almost 2.5 million tweets posted since the ban was imposed.
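To make the mechanism concrete, here is an added example (not from the original article) that encodes a DNS A query, decodes the answer, and compares what an ISP resolver returns with what an independent resolver returns for the same name. A resolver-level block shows up either as NXDOMAIN or as a different address set (a block page). The IP addresses and the responses are constructed, and the txid, names and "classify_block" labels are this example's own; nothing here is sent over the network.

```python
"""Added example: minimal DNS query/response codec and a resolver-level block check.
All addresses and responses below are constructed for the demonstration."""
import socket
import struct

BLOCK_PAGE_IP = "195.175.254.2"   # assumption: placeholder for an ISP block page
REAL_IP = "199.59.150.7"          # assumption: placeholder for the real site


def encode_name(name):
    """Encode a dotted hostname into DNS label format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """Standard recursive A/IN query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(query, ips, rcode=0):
    """Constructed answer to `query`: one A record per IP, or an error rcode."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | rcode                       # QR=1, RD=1, RA=1
    header = struct.pack("!HHHHHH", txid, flags, 1, len(ips), 0, 0)
    question = query[12:]
    answers = b""
    for ip in ips:
        # name pointer to offset 12 (the question name), type A, class IN, TTL 60, rdlength 4
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + question + answers


def skip_name(data, off):
    """Advance past a (possibly compressed) name starting at `off`."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(data):
    """Return (rcode, [A-record IPs]) from a raw DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = skip_name(data, off) + 4           # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return rcode, ips


def classify_block(isp_response, alt_response):
    """Compare the ISP resolver's answer with an independent resolver's answer."""
    isp_rcode, isp_ips = parse_response(isp_response)
    alt_rcode, alt_ips = parse_response(alt_response)
    if alt_rcode != 0 or not alt_ips:
        return "unresolvable"      # the independent resolver failed too: not a DNS block
    if isp_rcode == 3:
        return "nxdomain_block"    # ISP resolver claims the name does not exist
    if set(isp_ips) != set(alt_ips):
        return "redirect_block"    # ISP resolver answers with a block-page address
    return "consistent"


if __name__ == "__main__":
    q = build_query("twitter.com")
    honest = build_response(q, [REAL_IP])
    print(classify_block(build_response(q, [BLOCK_PAGE_IP]), honest))
    print(classify_block(build_response(q, [], rcode=3), honest))
```

The check only works while the independent resolver itself is reachable; once 8.8.8.8 and 8.8.4.4 are filtered by address, as described above, `classify_block` has nothing to compare against and the user needs a different path (a VPN or Tor) rather than a different resolver.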

Why did the Turkish government ban Twitter?

According to media reports, earlier this month a voice recording of the prime minister was leaked on YouTube and Twitter, in which Erdoğan allegedly instructs his son to dispose of large amounts of cash in the midst of a police investigation.

Erdoğan has dismissed most of the audio recordings as a vile montage put together by his political rivals. Twitter reportedly refused to delete the incriminating audio. “Twitter has been used as a means to carry out systematic character assassinations by circulating illegally acquired recordings, fake and fabricated records of wiretapping,” the prime minister’s office of public diplomacy said in a statement.

Turkey has blocked access to YouTube in the past, but this is its first ban on Twitter, which is hugely popular in the country.

#TwitterisblockedinTurkey is trending globally as free-speech supporters around the world voice their concerns.

UPDATE: Twitter hires a lawyer to fight the Turkish government's block

Meanwhile, President Abdullah Gül is also in talks with Twitter to reach a speedy resolution to the block on the website in Turkey.

Twitter has taken action against the Turkish government’s blocking of its service and hired Gönenç Gürkaynak, a lawyer who specializes in cyber-law litigation, who met with officials from Turkey’s Telecommunications Authority (TİB) in Ankara on Twitter's behalf.

The Union of Turkish Bar Associations (TBB) has filed a petition in an Istanbul court for the lifting of the ban. “A total ban on Twitter access is a violation of the European Convention on Human Rights, the Turkish Constitution and Law 5651 that includes Internet regulations. The TBB has applied to the courts for the immediate lifting of the ban. In addition, criminal complaints have been filed for those responsible for the ban ruling and the officials who applied the ban,” TBB head Metin Feyzioğlu said in a statement.

The Tor network lets users browse the Internet anonymously and is used mostly by activists and journalists to conceal their online activities from prying eyes. But it also has a dark side: Tor is a deep-web-friendly tool that lets hackers and cyber criminals carry out illicit activities while staying anonymous.

Kaspersky security researchers report that the Tor network is currently hiding around 900 hidden services used for botnets and other illegal purposes, behind its 5,500-plus relays (the servers that forward traffic) and roughly 1,000 exit nodes (the servers from which traffic leaves the network).

These days cyber criminals host their malware's command-and-control servers on the anonymous Tor network to evade detection, since such servers are difficult to identify or take down. Illegal use of Tor rose sharply after the launch of the most popular underground drug market, Silk Road, which also offered arms and malware to its users in exchange for Bitcoin, a popular cryptocurrency.

ChewBacca, a point-of-sale keylogger, was found to use Tor, as was a new variant of the Zeus banking malware with Tor capabilities; the researchers have also found the first Tor Trojan for Android.

Darknet resources such as the Tor network give cyber criminals several advantages, and the possibility of creating abuse-free underground forums, markets and malware C&C servers (ones with no hosting provider or abuse desk to take them down) is attracting more and more criminals to the technology, according to Kaspersky Lab.

“Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate," explained Sergey Lozhkin, a senior security researcher at Kaspersky Lab, “Although, creating a Tor communication module within a malware sample means extra work for the malware developers. We expect there will be a rise in new Tor-based malware, as well as Tor support for existing malware,” he added.

Besides command-and-control servers, admin panels and other malware-related resources, ‘carding’ shops are also thriving on the darknet. “Offers are not limited to credit cards – dumps, skimmers and carding equipment are for sale too,” said the researcher.

As you know, browsing the web through Tor hides the user’s IP address, allowing everyone from journalists and Internet activists to cyber criminals to stay anonymous. The same darknet resources also enable financial fraud and money laundering.

We are living in an era of mass surveillance conducted by government agencies like the NSA and GCHQ, and we ourselves gave them an open invitation: we all carry a sensor in our pockets, the smartphone, that tracks us everywhere we go. Encryption and security are more important today than at any other time in our history, so the best proactive way to keep your tracks clear is to use only trusted privacy tools and services.

The same people behind the Tor Browser Bundle anonymity tool are currently working on a new privacy tool called the Tor Instant Messaging Bundle (TIMB), which will provide encrypted communication to keep your online conversations private.

Tor is free software that lets users browse the Internet anonymously; it is used mostly by activists and journalists to conceal their online activities from prying eyes.

Tor Instant Messaging Bundle, or TIMB, is a real-time anonymous chat system that routes all of your chat data through Tor's encrypted network of relays, which hides the identities of its users, according to documents posted from the Tor Project's 2014 Winter Dev Meeting. The client itself will be built on top of Instantbird, an open source instant messaging client.

The Tor Instant Messaging Bundle will wrap user messages in multiple layers of encryption, including the destination address, making it sufficiently difficult to trace the original source.

Governments are engaged in widespread data collection and analysis through channels such as cell phone location data, the Internet, camera observation and drones, and as technology and analytics advance, the opportunities for mass surveillance keep growing. In that environment, the Tor Instant Messaging Bundle could turn out to be the world's most secure real-time communication tool.

"People in countries where communication for the purpose of activism is met with intimidation, violence, and prosecution will be able to avoid the scrutiny of criminal cartels, corrupt officials, and authoritarian governments," states the Tor TIMB project.

Experimental test builds of the Tor Instant Messaging Bundle (TIMB) are expected to be available by the end of March, but the first experimental release won't include Off-the-Record (OTR) messaging. OTR provides strong encryption for instant messaging conversations.

"Tor has grown popular over the past few years as a way of surfing the Web while blocking network surveillance, analysis of your traffic, or other monitoring that threatens personal freedom and privacy, confidential business activities and relationships, and state security," states the Tor Project founders. "The group's work is all the more significant following reports of NSA's foreign and domestic surveillance activities."

But every technology has a negative side as well, and Tor is also a deep-web-friendly tool that allows hackers and cyber criminals to carry out illicit activities.

It's a matter of concern, but we have to adopt measures to protect our privacy now, as former NSA contractor Edward Snowden said:

"A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment to themselves an unrecorded, unanalyzed thought. And that’s a problem because privacy matters, privacy is what allows us to determine who we are and who we want to be. Together we can find a better balance, end mass surveillance and remind the government that if it really wants to know how we feel asking is always cheaper than spying."

The NSA has been trying to break into the Tor network for years, and the FBI was recently found to have seized data from TorMail, an anonymous email service, and to be using that data to catch hackers.

We use our smartphones for almost everything, from Internet banking to sharing private files, and the mobile malware sector is growing at the same pace.

The number of malicious software variants aimed at mobile devices has reportedly risen about 185% in less than a year.

Security researchers have observed a growing number of computer malware families using Tor-based communications, and now researchers at anti-virus firm Kaspersky Lab have spotted the world's first Tor-based malware for the Android operating system.

The Android malware, dubbed 'Backdoor.AndroidOS.Torec.a', uses the Tor hidden service protocol for stealthy communication with its command-and-control servers.

Researchers found that the Trojan's controller runs on a .onion domain and that the malware is built on the functionality of 'Orbot', an open source Tor client for Android. Hiding the controller behind a hidden service makes it much harder for law enforcement to locate and block the botnet, although it is not clear how many devices have been infected so far.

The Trojan can intercept and steal incoming SMS messages, make USSD requests, steal device information (phone number, country, IMEI, model and OS version), retrieve the list of installed applications, and send SMS messages to a specified number.

Kaspersky did not say whether the malware is focused on stealing banking information, but the popularity of Android keeps motivating cyber criminals to develop far more advanced Android malware with stealthier anti-reverse-engineering techniques.

Here is one thing you can do to dramatically reduce the risk of malware infections on your Android phone:

Install apps from the official Android Market (Google Play) rather than from third-party app stores or websites.


After Silk Road, another underground online marketplace, 'Utopia', has been seized by the Dutch National Police. Users could buy illegal drugs and guns there for home delivery.

The police started their investigation, codenamed 'Operation Commodore', in 2013, and finally seized Utopia's Germany-based servers and arrested five suspects for running the marketplace. One was arrested in Germany and the other four, aged 29 to 46, were detained in the Netherlands. Two of them had also been involved in a similar underground website, 'Black Market Reloaded', which closed in December 2013.

Utopia, which reportedly launched only last week (http://ggvow6fj3sehlm45.onion/) and was intended to be a direct competitor to Silk Road, was a 'dark web' site accessible only through the Tor anonymity software.

The website is now displaying a message: "This hidden service has been seized by the Dutch National police."

Many illegal drugs, including ecstasy and cocaine, as well as guns and stolen credit cards were available through the Utopia marketplace, which also offered hacking tools and gambling services. Dutch police seized 900 Bitcoin, currently worth between $540,000 and $815,000, and a 21-year-old German man could soon be extradited to the Netherlands.

Dutch police declined to reveal details of how Utopia was closed, promising instead to release more information later this week. Meanwhile, the site's moderators are calling the seizure of Utopia "a serious blow to the darkweb marketplace community" and are trying to regroup with other members to launch a new website.

The massive data breaches at U.S. retailers Target and Neiman Marcus, in which the financial credentials of more than 110 million and 1.1 million customers respectively were compromised, show that point-of-sale (POS) systems have become a new target for cyber criminals.

Although the BlackPOS malware that infects point-of-sale systems turned out to be the major cause of those breaches, malware writers are upgrading and developing more Trojans to target POS systems.

In December, security researchers at anti-virus firm Kaspersky Lab discovered a Tor-based trojan dubbed "ChewBacca", which was initially categorized as a financial trojan; security researchers at RSA have now found that ChewBacca is also capable of stealing credit card details from point-of-sale systems.

ChewBacca, a relatively new and privately developed Trojan, has been used as POS malware in 11 countries and is behind the electronic theft. It communicates with its C&C (command-and-control) server over the Tor network, which hides the IP addresses of both ends of the connection.

The botnet has been collecting track 1 and track 2 payment card data (the magnetic-stripe contents, including the account number and expiry date) since October 25, according to RSA.

During installation, ChewBacca creates a copy of itself as a file named “spoolsv.exe” and places it in the Windows Start > Startup folder, so that it launches automatically at login. The name mimics the legitimate print spooler, which lives in %SystemRoot%\System32; a spoolsv.exe anywhere else, and in a Startup folder in particular, is a telltale sign.

After installation, the keylogger component creates a log file called “system.log” in the %temp% folder that records keystroke events along with window-focus changes.
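The behaviour described above suggests two host-side checks that an incident responder can script. The following is an added example (not RSA's or Kaspersky's code): it flags any spoolsv.exe outside System32, and it scans text such as the keylog for track 1 and track 2 magnetic-stripe records, keeping only those whose account number passes the Luhn check so that numeric noise is not reported as a card. The file paths, the sample keylog and the card numbers are constructed (the PAN used is the well-known public test number 4111111111111111); the output format and the masking rule are this example's own.

```python
"""Added example: ChewBacca-style POS indicators. Sample data is constructed."""
import re
from pathlib import PureWindowsPath

# Magnetic-stripe layouts: track 1 is "%B<PAN>^<NAME>^<YYMM>...?", track 2 is ";<PAN>=<YYMM>...?"
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^(\d{2})(\d{2})[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{2})(\d{2})[^?]*\?")


def luhn_ok(pan):
    """Luhn check-digit test: filters out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                 # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep the BIN and last four digits so a finding can be triaged without copying the full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(text):
    """Return (track, masked PAN, expiry YY/MM) for every Luhn-valid card record in `text`."""
    hits = []
    for m in TRACK1_RE.finditer(text):
        pan, _name, yy, mm = m.groups()
        if luhn_ok(pan):
            hits.append(("track1", mask(pan), f"{yy}/{mm}"))
    for m in TRACK2_RE.finditer(text):
        pan, yy, mm = m.groups()
        if luhn_ok(pan):
            hits.append(("track2", mask(pan), f"{yy}/{mm}"))
    return hits


def suspicious_spoolsv(paths):
    """The real print spooler is %SystemRoot%\\System32\\spoolsv.exe; flag the name anywhere else."""
    flagged = []
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.name.lower() != "spoolsv.exe":
            continue
        if not str(wp.parent).lower().endswith(r"\windows\system32"):
            flagged.append(p)
    return flagged


# Constructed sample keylog in the style described in the article (focus changes plus keystrokes).
SAMPLE_KEYLOG = (
    "[focus] POS Terminal - Sale\n"
    "%B4111111111111111^DOE/JOHN^2512101000000000000?\n"
    ";4111111111111111=25121010000000000000?\n"
    "[focus] Notepad\n"
    ";4111111111111112=25121010000000000000?\n"   # fails Luhn: noise, not a card
)

# Constructed file listing; only the Startup-folder copy should be reported.
SAMPLE_PATHS = [
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Users\pos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.exe",
    r"C:\Program Files\POSApp\pos.exe",
]

if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_KEYLOG):
        print("card data:", hit)
    for path in suspicious_spoolsv(SAMPLE_PATHS):
        print("suspicious spooler copy:", path)
```

On a real host the same `find_track_data` can be run over %temp%\system.log, process memory dumps or outbound capture; the Luhn filter keeps the false-positive rate low enough to alert on a single hit.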

“The ChewBacca Trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months.”

Neither RSA's nor Kaspersky's write-up explains how the ChewBacca bot is propagated, but RSA's investigation observed it mostly in the US and also in 10 other countries, including Russia, Canada and Australia.

RSA has provided data on the ChewBacca operation to the FBI, including the location of a command-and-control server used by the attackers.

RSA advised retailers to increase staffing levels and develop leading-edge capabilities to detect and stop attackers (comprehensive monitoring and incident response), and to encrypt or tokenize card data at the point of capture so that it never appears in plain text on their networks, thereby shifting the risk and burden of protection to the card issuers and their payment processors.

Over the past several months it has become clear that the Internet, and our privacy along with it, has been fundamentally compromised. The private search engine DuckDuckGo claims that when you click on one of its search results, it does not send personally identifiable information along with your request to the third-party site.

Like Google dorks (advanced search patterns), DuckDuckGo has thousands of similar, but technically more useful, search shortcuts called DuckDuckGoodies. Today I am going to cover the handy cryptography features of the DuckDuckGo search engine.

Whether you are a hacker, cracker or researcher, you face a number of hash strings in your day-to-day work. Hashing is a one-way transformation of a plain-text string or a file (not encryption, since there is no key and no way to reverse it), generally used to protect stored passwords or to check the integrity of a file. There is a set of common hashing algorithms, e.g. MD5, SHA-1, SHA-512 etc.

A hash function produces exactly the same output every time it is run on the same input, while even a very small change in the input produces a completely different output.

DuckDuckGo gives you the flexibility to perform such operations directly from the search box: it can generate the hash of a string, identify the algorithm used to generate a given hash, and, for hashes that appear in previously leaked databases, show the plain text and equivalent hashes in other algorithms.

1.) Generating a strong password: The security and integrity of our passwords is a constant battle. A password is often the only lock protecting your private information. One of the biggest reasons people use weak passwords is a combination of convenience and the ability to recall them easily, but a weak password is the equivalent of installing a lock on your front door that can be opened with a Popsicle stick.

Last year we reported that hackers managed to crack a 16-character alphanumeric password in less than an hour. No password is foolproof, but a long, unique and strong password makes it complicated enough to slow down password-cracking programs. DuckDuckGo provides a feature to generate a strong password instantly.

Search term: password 15 strong

where 15 is the password length.

2.) Generating a hash: Hashing makes it difficult for an attacker to recover the original plain-text password from the stored value, and it lets sites keep a list of hashes rather than plain-text passwords. (For actual password storage, fast unsalted hashes such as MD5 or SHA-1 are no longer adequate; a salted, deliberately slow password hash should be used instead.)

Using DuckDuckGo's handy option, you can generate the hash value of any string by typing the following syntax into the search box:

md5 TheHackerNews

sha512 TheHackerNews

sha TheHackerNews

sha224 TheHackerNews

sha256 TheHackerNews

sha384 TheHackerNews

where TheHackerNews is the plain-text string and md5 or sha is the hashing algorithm.

3.) Identifying a hash algorithm: Working out by hand which algorithm generated a hash is tedious. DuckDuckGo provides an inbuilt hash identification tool, which reports the algorithm most likely used to generate the hash string given as input. Note that such identification is a heuristic based on length and character set: a 32-hex-digit value, for example, could equally be MD5, MD4 or an NTLM hash.

hash a69649f9f5a7f81ac303ea77d748c77a

4.) Finding plain text from hashes: Another great feature of the DuckDuckGo search engine is that it gives you the plain-text value and the equivalent hash in other algorithms. DuckDuckGo is not cracking the hash for you; it matches the hash value against previously leaked database archives.
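The four operations above can be reproduced locally with nothing but the Python standard library, which is useful when you would rather not paste a hash (or a password) into a search box. This is an added example, not DuckDuckGo's code: the mapping of the search keyword "sha" to SHA-1 is an assumption, the length-based algorithm table is the usual heuristic and is not exhaustive, and the "leaked" lookup table is constructed for the demonstration.

```python
"""Added example: local equivalents of the DuckDuckGo cryptography goodies."""
import hashlib
import re
import secrets
import string

# Search keyword -> hashlib name. "sha" -> "sha1" is an assumption about the goodie.
ALGOS = {"md5": "md5", "sha": "sha1", "sha1": "sha1", "sha224": "sha224",
         "sha256": "sha256", "sha384": "sha384", "sha512": "sha512"}

# Hex-digest length -> plausible algorithms. Length alone cannot tell MD5 from
# MD4 or NTLM, so identification is a heuristic, exactly as with the search goodie.
BY_HEX_LENGTH = {32: ["md5", "md4", "ntlm"], 40: ["sha1", "ripemd160"],
                 56: ["sha224", "sha3-224"], 64: ["sha256", "sha3-256"],
                 96: ["sha384", "sha3-384"], 128: ["sha512", "sha3-512"]}


def strong_password(length=15):
    """Goodie 1: CSPRNG-generated password with at least one of each character class."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover all character classes")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def hash_string(algo, text):
    """Goodie 2: '<algo> <text>' -> hex digest."""
    return hashlib.new(ALGOS[algo.lower()], text.encode("utf-8")).hexdigest()


def identify_hash(digest):
    """Goodie 3: candidate algorithms for a hex string, most common first; [] if not hex."""
    d = digest.strip()
    if not re.fullmatch(r"[0-9a-fA-F]+", d):
        return []
    return BY_HEX_LENGTH.get(len(d), [])


# Constructed stand-in for a leaked-database archive: digest -> plaintext.
LEAKED = {
    hash_string("md5", "password"): "password",
    hash_string("sha1", "letmein"): "letmein",
}


def lookup_plaintext(digest):
    """Goodie 4: a table lookup, not cracking. Returns (plaintext, {algo: digest}) or None."""
    plain = LEAKED.get(digest.strip().lower())
    if plain is None:
        return None
    return plain, {a: hash_string(a, plain) for a in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    print(strong_password(15))
    print(hash_string("md5", "TheHackerNews"))
    print(identify_hash("a69649f9f5a7f81ac303ea77d748c77a"))
    print(lookup_plaintext(hash_string("md5", "password")))
```

The lookup function makes the point of item 4 explicit: a hash that was never in a leaked archive simply returns `None`, however weak the password behind it, so a miss says nothing about the password's strength.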

Tor exit enclave: DuckDuckGo also operates a Tor exit enclave, which basically means that if you use DuckDuckGo through the Tor anonymity tool, your search stays anonymous and encrypted all the way to DuckDuckGo's servers, and is faster than what you might expect with Tor browsing alone.

We are continuously keeping an eye on new variants of widely spread ransomware families like CryptoLocker, Prison Locker, Copycat and Locker, which encrypt your files and demand a ransom to decrypt them.

To be very honest, if you are infected by such malware and have no backup, there is usually no hope of recovering your documents without paying the ransom to the cyber criminals.

Online users are now facing another similar ransomware called 'CryptorBit' (VirusTotal report), first spotted in September 2013. It is not a variant of CryptoLocker, but it does exactly the same thing, i.e. it encrypts all the files on the hard disk.

CryptorBit is an infection that is triggered by clicking links in a spam message or malicious email, by visiting malicious websites, or by opening an attachment in an email from a malicious source.

Once your system is infected by CryptorBit, it encrypts your files and holds them until a ransom of $50 to $500 or more is paid. It displays a warning, “YOUR PERSONAL FILES ARE ENCRYPTED”, followed by the message "All files including video, photos and documents, etc. on your computer are encrypted".

The warning note on the screen instructs the victim to download the Tor browser and visit an onion-based hidden website to pay the ransom. It may also demand payment within 24 hours, threatening otherwise to damage all personal and system files completely.

SCAM-WARE

CryptorBit is a complete scam designed by cyber criminals: even after the ransom is paid it does not decrypt your files. It forces users to pay for a fake private key that is supposed to decrypt them.

CryptorBit not only defrauds you of your money but also damages your PC and interferes with your privacy.

The most common Windows folder where CryptorBit lives is "%AppData%", and it can be easily removed with antivirus tools; unlike traditional ransomware, affected files can reportedly be recovered using the Windows 'System Restore' utility.

The spam emails may appear to come from people you know, so users should be careful when reading such emails; if something doesn't look right, it probably isn't.

The best protection against these infections is a good backup. We strongly advise people to keep their important files on servers that are backed up, not only on their desktops or in local folders.

Using the Tormail email service to stay anonymous in your conversations and mail exchanges?

There is very disappointing news for all current and past users: the US Federal Bureau of Investigation (FBI) has a complete copy of the Tormail server and is using it to catch criminals and hackers.

According to court documents that recently surfaced, the FBI cloned the entire email database while investigating Freedom Hosting.

In August 2013, the FBI seized the Tor network's top web host, Freedom Hosting, which gave the feds access to every record of every anonymous site hosted there, including TorMail, a service that let users send and receive email anonymously.

New evidence uncovered by Wired suggests those archives are now being used in completely unrelated investigations, which means the FBI is possibly mining the database to track cyber criminals.

Remember the shutdown of the Silk Road black market? In December 2013 a Florida man was busted for allegedly selling counterfeit credit cards through a new illegal online marketplace called Silk Road 2.0.

The administrator of the site was using “platpus@tormail.net” to take orders for the cards; the FBI obtained a warrant to search the TorMail data and executed it against the cloned database the agency had acquired, and two owners of the site were later arrested based on the information obtained.

“Between July 22, 2013 and August 2, 2013, in connection with an unrelated criminal investigation, the FBI obtained a copy of a computer server located in France via a Mutual Legal Assistance Treaty request to France, which contained data and information from the Tormail email server, including the content of Tormail email accounts,” reads a portion of the criminal complaint against Roberson unsealed last week. “On or about September 24, 2013, law enforcement obtained a search warrant to search the contents of the Platplus Tormail Account, which resided on the seized Tormail server.”

It's not exactly known how many users or how much data is in the TorMail network, but we do know that the FBI has it all.

As stated on the TorMail website, the service always refused to hand over information to the feds, even when presented with a court order. But the seizure is a huge blow for email users who relied on the onion network for anonymity.

There's still no indication that any data was accessed without a search warrant, but searching through email accounts has become extraordinarily simple for the agency.

Note: Tormail was not affiliated with the Tor Project, which maintains the Tor anonymity software and browser, so Tor users in general should not be affected by the Tormail seizure.


Tor is one of the best freely available privacy tools; it lets people communicate anonymously online by passing traffic through a series of relays designed to provide anonymity for users and bypass Internet censorship.

When you use Tor, your IP address remains hidden and your connection appears to come from the IP address of a Tor exit relay, which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination.

A recent report, 'Spoiled Onions: Exposing Malicious Tor Exit Relays', published by security researchers Philipp Winter and Stefan Lindskog, reveals that almost 20 exit relays in the Tor anonymity network attempted to spy on users’ encrypted traffic using man-in-the-middle techniques.

The two researchers spent more than four months studying Tor exit nodes with their own scanning software, "exitmap", and detected suspicious behaviour on a Russian network. In total they identified 25 nodes that were interfering with web traffic, including relays that stripped out encryption with an 'sslstrip' attack.

Some of the faulty nodes may have been the result of configuration errors or ISP issues, but 19 nodes were caught using a bogus SSL certificate to perform man-in-the-middle attacks on users. Those rogue nodes were programmed to intercept only traffic to the Facebook website.

”I’m not even sure if they captured passwords,” the researcher said. “Maybe it was just an experiment. It didn’t seem like a very sophisticated and serious attack to us.”

"First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper)."

"Even if your traffic is going through a malicious exit relay, it doesn't mean that everything is lost."

They also noticed that the Russian nodes were re-encrypting the traffic with their own self-signed digital certificate, issued to the made-up entity "Main Authority".

"Finally, we want to point out that all of these attacks are of course not limited to the Tor network. You face the very same risks when you are connected to any public WiFi network. One of the fundamental problems is the broken CA system."

They have also released a fix, in the form of patches to the Tor Browser's "Torbutton" extension, that informs users when a man-in-the-middle attack is potentially in progress and offers the option to send an anonymous report to the Tor Project.

"We developed a set of patches for the Tor Browser Bundle, which is capable of fetching self-signed X.509 certificates over different network paths to evaluate their trustworthiness."

The exit relay scanning tool "exitmap" is freely available, written in pure Python, and can be downloaded from GitHub.
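The two detections described above, a certificate that differs from what other network paths see, and https links rewritten to http, reduce to a small amount of decision logic once the observations are collected. The following is an added example (not the researchers' exitmap or Torbutton code): it takes the leaf certificate and page body observed through one exit, the leaf fingerprints seen over other independent paths, and the page fetched directly, and classifies the exit. Certificates are represented by constructed stand-in bytes rather than real DER, the subject/issuer strings and HTML are constructed, and the finding labels are this example's own.

```python
"""Added example: exit-relay classification from multi-path certificate and sslstrip checks."""
import hashlib
import re
from collections import Counter


def fingerprint(der):
    """SHA-256 over the certificate bytes, the usual pinning identity."""
    return hashlib.sha256(der).hexdigest()


def majority_fingerprint(fps):
    """Consensus leaf fingerprint across independent paths; None if there is no strict majority."""
    if not fps:
        return None
    fp, n = Counter(fps).most_common(1)[0]
    return fp if n > len(fps) // 2 else None


def stripped_links(direct_html, via_exit_html):
    """https:// links in the directly fetched page that come back as http:// through the exit."""
    https_links = set(re.findall(r'href="https://([^"]+)"', direct_html))
    http_links = set(re.findall(r'href="http://([^"]+)"', via_exit_html))
    return sorted(https_links & http_links)


def classify_exit(exit_obs, other_path_fps, direct_html):
    """exit_obs: {"leaf": {"subject": str, "issuer": str, "der": bytes}, "html": str}."""
    findings = []
    leaf = exit_obs["leaf"]
    consensus = majority_fingerprint(other_path_fps)
    if consensus is None:
        findings.append("no_consensus")          # not enough agreement to judge the cert
    elif fingerprint(leaf["der"]) != consensus:
        if leaf["subject"] == leaf["issuer"]:    # the "Main Authority" pattern: self-signed
            findings.append("self_signed_mitm")
        else:
            findings.append("cert_substitution")
    if stripped_links(direct_html, exit_obs["html"]):
        findings.append("sslstrip")
    return findings or ["clean"]


# Constructed observations. The DER values stand in for real certificate bytes.
GENUINE_DER = b"constructed-stand-in-for-genuine-leaf-certificate"
ROGUE_DER = b"constructed-stand-in-for-main-authority-certificate"
GENUINE_LEAF = {"subject": "CN=www.facebook.com", "issuer": "CN=DigiCert SHA2 High Assurance Server CA",
                "der": GENUINE_DER}
ROGUE_LEAF = {"subject": "CN=Main Authority", "issuer": "CN=Main Authority", "der": ROGUE_DER}
DIRECT_HTML = '<a href="https://www.facebook.com/login.php">Log in</a>'
STRIPPED_HTML = '<a href="http://www.facebook.com/login.php">Log in</a>'

HONEST_EXIT = {"leaf": GENUINE_LEAF, "html": DIRECT_HTML}
MITM_EXIT = {"leaf": ROGUE_LEAF, "html": DIRECT_HTML}
SSLSTRIP_EXIT = {"leaf": GENUINE_LEAF, "html": STRIPPED_HTML}
OTHER_PATHS = [fingerprint(GENUINE_DER)] * 3     # three independent circuits agree

if __name__ == "__main__":
    for name, obs in (("honest", HONEST_EXIT), ("mitm", MITM_EXIT), ("sslstrip", SSLSTRIP_EXIT)):
        print(name, classify_exit(obs, OTHER_PATHS, DIRECT_HTML))
```

The majority rule is what makes the check robust: a single colluding path cannot turn a genuine certificate into a "substitution", and an exit that targets only one site, as the Facebook-only relays above did, is still caught because the comparison is per destination.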

Privacy is the “workings of your mind”. We share personal moments captured in images, credit card details, and personal or professional thoughts with a person or a certain group at different times, and we want them to be safe and secure.

We use electronic gadgets to share these things, blindly trusting the service provider, which may have to obey undisclosed laws of the country it belongs to, so our data may be at risk.

Surveillance programs can force these companies to store the information and share it with the government, and can even sniff all the data passing through the channels, whether wire or air, and hence compromise our privacy.

Surveillance programs existed before Snowden’s leaks, but after the revelation of the NSA’s programs we need to think twice when it comes to our privacy.

28% of all Internet users, i.e. 415 million people, say they use some sort of privacy tool during their Internet browsing sessions to hide their location and protect the data they share. Research data from 170,000 Internet users worldwide shows that 56% of users feel a lack of privacy while using the Internet, according to a report published by GlobalWebIndex.

Tor, a well-known utility for anonymous Internet access, has a user base of about 45.13 million worldwide, of which 21% are in Indonesia, 18% in Vietnam and 15% in India.

In China it is difficult to access many websites, e.g. Facebook, Google, Twitter and YouTube, because of the heavy Internet censorship imposed by the government. China employs as many as 2 million Internet analysts to review and block content that is commercially or politically unacceptable.

GlobalWebIndex (GWI) suggests that about 34% of Chinese users rely on anonymity tools to bypass Internet censorship; 60% of those do so to use Google products and 55% for Facebook or Twitter. 160 million Chinese use a VPN, most of them to hide their location.

Indonesia has the world's highest use of anonymity tools among its Internet users, with 42 percent using proxy servers or virtual private networks (VPNs) to bypass regional blocks on certain content.

"VPNs serve a perfect dual purpose for consumers in lots of markets, allowing them to access restricted content and better content as well as stay anonymous," said Jason Mander, GWI's head of trends. "It's a perfect combination and one that is likely to see their popularity grow. It also means that the numbers using sites such as Facebook in China are likely to have been under-estimated, and that Geo-located advertising is completely missing the mark for these internet users."

The report concludes that there is exponential growth in Internet users worldwide, and that they are open to surveillance at least by the country in which they appear to be located.

To make your virtual life more private, the use of crypto tools like Cryptocat, TrueCrypt, the Tor browser, PGP for email and Cloudfogger for cloud storage is recommended. None of them is 100% secure, but they force a surveillance agency to invest extra effort to get at your private details.

In October 2013, Microsoft adopted a silent, offensive method to tackle infections by a Tor-based botnet malware called 'Sefnit'. In an effort to take down the Sefnit botnet and protect Windows users, Microsoft remotely removed the outdated Tor client installed by the malware, along with the infection itself, from 2 million systems, without the knowledge of the systems' owners.

In August last year, after Snowden's revelations about the National Security Agency's (NSA) spying programs, Internet users feared being spied on. Around the same time, Tor Project leaders noticed an almost 600% increase in the number of users on the Tor anonymizing network, i.e. more than 600,000 users joined Tor within a few weeks.

In September, researchers identified the main reason for the increase: a Tor-based botnet, 'Sefnit', which was infecting millions of computers for click fraud and Bitcoin mining.

To maximize the number of infections, the cyber criminals used several ways to spread their botnet. On further investigation, Microsoft discovered popular software such as Browser Protector and FileScout bundled with a vulnerable version of the Tor client and Sefnit components.

'The security problem lies in the fact that during a Sefnit component infection, the Tor client service is also silently installed in the background. Even after Sefnit is removed, unless specific care is taken, the Tor service will be left and still regularly connect to the Tor Network.'

It was not practical for Microsoft or the government to instruct each individual on how to remove this malware, so Microsoft finally decided to remotely wipe out the infections itself.

To clean infected machines, Microsoft began updating definitions for its antimalware apps.

"We modified our signatures to remove the Sefnit-added Tor client service. Signature and remediation are included in all Microsoft security software, including Microsoft Security Essentials, Windows Defender on Windows 8, Microsoft Safety Scanner, Microsoft System Center Endpoint Protection, and Windows Defender Offline." The signature and remediation were later also added to the Malicious Software Removal Tool.

But why Tor Browser?

"Even after Sefnit is removed, unless specific care is taken, the Tor service will be left and still regularly connect to the Tor Network. This is a problem not only for the workload it applies to the Tor Network, but also for the security of these computers." Microsoft says.

So they removed it, and to justify the action Microsoft points out several known vulnerabilities in the Tor version bundled with the Sefnit malware, Tor 0.2.3.25, which leave the user open to attack.

"Tor is a good application used to anonymous traffic and usually poses no threat. Unfortunately, the version installed by Sefnit is v0.2.3.25 – and does not self-update. The latest Tor release builds at the time of writing is v0.2.4.20."

Maybe this is the right way to neutralize the infections, but Microsoft's action also demonstrates its capability to remotely remove any software from your computer.

Last October, the Feds said they would probably just liquidate the Bitcoins seized from the online black market Silk Road once they were legally free to do so.

Finally, United States District Judge J. Paul Oetken signed off on the forfeiture order for the Bitcoins, clearing the government to sell the assets.

Last September, the FBI had seized 29,655 Bitcoins from the online black market Silk Road after its alleged 29-year-old mastermind, Ross William Ulbricht, aka 'Dread Pirate Roberts', was arrested and charged with possessing controlled substances and committing or conspiring to commit computer hacking offenses, among other charges.

This new ruling represents the largest-ever forfeiture of Bitcoins. The assets include the Silk Road hidden website and 29,655 Bitcoins, worth more than $28 Million according to current exchange rates.

Manhattan U.S. Attorney Preet Bharara said:

“With today’s forfeiture of $28 million worth of Bitcoins from the Silk Road website, a global cyber business designed to broker criminal transactions, we continue our efforts to take the profit out of crime and signal to those who would turn to the dark web for illicit activity that they have chosen the wrong path.”

"Bitcoins had been seized in connection with the investigation and not due to the currency's unregulated nature."

U.S. authorities have indicated that the virtual currency will be sold at auction, as is standard for disposing of assets seized from criminals. “Not yet determined exactly how the bitcoins will be converted and liquidated,” he said.

The U.S. Government is also trying to get its hands on an additional 144,336 Bitcoins (worth more than $130 million) that were found on computer hardware belonging to Ross William Ulbricht. The government has asked a court to order the forfeiture of those assets, too.

However, Ulbricht has filed a claim to stop the forfeiture of those Bitcoins, and his lawyers are fighting both the allegations and the civil forfeiture claim.

Silk Road was an online drug marketplace where its nearly 1 million anonymous users could buy and sell all sorts of drugs using the secure Tor browser.

It is not yet certain whether the Silk Road website itself will be placed in the auction, but if the U.S. Government is planning to do so, do you think Silk Road will make a comeback? If so, this time it will surely be backdoored by the Feds.

Cybercriminal activity associated with financial Trojan programs has increased rapidly during the past few months, and a Tor-based architecture is the favorite among online criminals for hiding their bots and the real location of the botnet's Command-and-Control server from security researchers.

This protects the location of the server as well as the identity of its owner in most cases. Still, there are drawbacks that prevent many criminals from hosting their servers within Tor. Because of its overlay structure, Tor is slower and timeouts are possible. Massive botnet activity may affect the whole network, as seen with Mevade, and therefore lets researchers spot such botnets more easily.

The ChewBacca malware is not the first to adopt Tor for anonymity; recently a new Zeus Trojan variant was captured in the wild that is also based on the Tor network and aimed at 64-bit systems.

The researchers did not say how they discovered ChewBacca or the extent to which it has spread, but they note that the malware is compiled with Free Pascal 2.7.1.

After execution on the victim's Windows system, the malware drops itself as spoolsv.exe in the Startup folder and also drops a copy of Tor 0.2.3.25, which runs with its default listener on "localhost:9050". The Trojan then logs all keystrokes and sends the data back to the botnet controllers via the Tor anonymity network.

The malware also enumerates all running processes and reads their memory. According to the researchers, the Command-and-Control server is built on a LAMP stack (Linux, Apache, MySQL and PHP).
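As an added example (not code from the article, from Microsoft or from the ChewBacca researchers), the Python routine below applies the host indicators from the Sefnit and ChewBacca stories above, the masquerading spoolsv.exe in the Startup folder, the non-updating Tor 0.2.3.25, the localhost:9050 listener and a Tor binary registered as a Windows service, to constructed inventory records. The record fields, the sample paths and the "Tor Browser" directory heuristic are assumptions of this example.

```python
from dataclasses import dataclass

TOR_OUTDATED = "0.2.3.25"      # version dropped by Sefnit and ChewBacca (per the stories above)
TOR_SOCKS_PORT = 9050          # Tor's default SocksPort, which ChewBacca's bundled copy listens on
SPOOLER_DIR = "c:\\windows\\system32\\"   # where the genuine Print Spooler binary lives

@dataclass
class Proc:
    name: str
    path: str
    listens: tuple = ()        # ("127.0.0.1", 9050)-style endpoints the process is bound to
    version: str = ""          # product version string, if the inventory recorded one

@dataclass
class Service:
    name: str
    image: str                 # binary path registered for the Windows service

def triage(procs, services):
    """Return a list of (rule, detail) findings; an empty list means nothing matched."""
    findings = []
    for p in procs:
        lname, lpath = p.name.lower(), p.path.lower()
        # ChewBacca persists as spoolsv.exe in the Startup folder; the real spooler sits in System32.
        if lname == "spoolsv.exe" and not lpath.startswith(SPOOLER_DIR):
            findings.append(("spoolsv-masquerade", p.path))
        # Both families bundle Tor 0.2.3.25, which does not self-update.
        if p.version == TOR_OUTDATED:
            findings.append(("outdated-tor", f"{p.path} {p.version}"))
        # A 9050 listener owned by anything outside a Tor Browser directory deserves a look (hypothetical path heuristic).
        if any(port == TOR_SOCKS_PORT for _, port in p.listens) and "tor browser" not in lpath:
            findings.append(("tor-socks-listener", p.path))
    # Sefnit leaves Tor registered as a Windows service, which a Tor Browser install never does.
    for s in services:
        if s.image.lower().endswith("tor.exe"):
            findings.append(("tor-service", f"{s.name} -> {s.image}"))
    return findings

# Constructed inventory records for a single host (not real data).
SAMPLE_PROCS = [
    Proc("spoolsv.exe", r"C:\Windows\System32\spoolsv.exe"),
    Proc("spoolsv.exe", r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.exe"),
    Proc("tor.exe", r"C:\Users\bob\AppData\Local\Temp\tor.exe", (("127.0.0.1", 9050),), "0.2.3.25"),
    Proc("tor.exe", r"C:\Users\bob\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe", (("127.0.0.1", 9150),), "0.2.4.20"),
]
SAMPLE_SERVICES = [
    Service("Spooler", r"C:\Windows\System32\spoolsv.exe"),
    Service("tor", r"C:\Users\bob\AppData\Local\Temp\tor.exe"),
]
```

Running `triage(SAMPLE_PROCS, SAMPLE_SERVICES)` flags the Startup-folder spoolsv.exe, the outdated Tor copy, its 9050 listener and the Tor service, while the genuine spooler and the user's own Tor Browser produce no findings.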

ChewBacca is currently not offered on public underground forums, unlike other toolkits such as Zeus. Perhaps it is still in development, or the malware is only used or shared privately.

The botnet's Command-and-Control server login page has an image of the character Chewbacca from the Star Wars film series.

We expect more complex, Tor-based botnets in the future. Stay tuned to +The Hacker News, and stay safe.

Today I would like to present an interview with Andrey Komarov, CEO of IntelCrawler, and Dan Clements, President of IntelCrawler. IntelCrawler is a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3,000,000,000 IPv4 addresses and over 200,000,000 domain names, which are scanned for analytics and dissemination to drill down to a desired result.

I have prepared for them a series of questions to analyze significant evolutions in the cyber-threat landscape:

Q. Which are the most concerning cyber threats for private businesses and government organizations?

A. Avoiding the usual and standard things, of course the most dangerous and annoying is the emergence of fundamentally new vulnerabilities in critical applications and systems. The "zero day" vulnerabilities market is developing every day and taking the shape of a part of the future cyber warfare market, as it is still in the process of formation. Neither consumers, whether governments or companies, nor vendors are ready for this kind of threat, which makes mitigation actions very complicated.

Q. Which are the industries most exposed to cyber attacks and why?

A. Just imagine what would be interesting for you if your main interests were money and information. Those are the two main reasons behind all past and present cyber attacks in the world. First of all, it is all related to profitable commercial business, such as private banking and the industrial sector, ending with government infrastructures, which relates to state-sponsored attacks. It is true that cyber offensive approaches are displacing "old school" ones, such as signals intelligence, as they are much cheaper and easier in the 21st century. The role of information takes new forms, making computer communications the battlefield of modern cyber warfare.

Q. Which are the factors that have most influenced the design of malicious code in the last year (e.g. P2P communication protocols, advanced evasion techniques, hiding C&C in Tor networks)?

A. Malware coders are interested in hiding the communications between the infected host and the C&C, which is why the stable trend is to create or use alternative means of communication. That is why there were lots of new kinds of samples which used C&C in TOR or I2P, which was really exotic at first but then became one of the standards for cybercriminals.

Q. What is the role of intelligence in the fight against cybercrime?

A. The role of e-crime intelligence is huge, as sometimes only timely notification about a planned threat can help to prevent a cyber attack or fraud. There are some difficulties in this niche as well, such as the heterogeneity of the geographies cybercriminals live in, the languages they speak, the opportunity for deep infiltration into underground communities, gathering information on the real identity of the criminals in the age of anonymity and impersonality, etc. All these aspects force us to organize systematic monitoring of several of the most important regions, such as the Asian segment, the former USSR and risky EU-based countries such as Romania, and to use a large network of trusted sources. Software protection methods can't help 100%, which is why human resources and intelligence are among the most important additional elements.

Q. Malware and the Internet of Things: what should we expect in the coming months?

A. First of all, new variants of mobile malware, as it will be one of the most relevant topics in the near future because of global "mobilization". Secondly, new kinds of online-banking trojans and the appearance of modified POS/ATM malicious code, as "skimming" becomes too expensive and risky. Thirdly, hacking and surveillance will damage your privacy more and more, as the two are inseparable.

Q. Is there a marked distinction between cybercrime and state-sponsored hacking?

A. Yes, as state-sponsored hacking has more specifics. An interesting fact is that cybercriminality first creates the trend for further state-sponsored hacking; governments copy its actions and explore the methods and means used in this or that country, as it is really different. Just compare Chinese hackers and Latin American hackers: an absolutely different style of intrusions and fundamentally different approaches to malicious code, as the Chinese stuff is more sophisticated because of the great experience and scientific potential across the whole country.

Q. Which are the governments most active in cyberspace?

A. You should be very cautious talking about specific governments in the cyber world, because it is still not very transparent. A good example: we detected a C&C placed in Morocco, but the owners of the botnet behind it were using email accounts registered on GMX.DE. Another is when the malware, after reverse engineering and unpacking, had strings written in Hebrew but was hosted in Latvia. Despite these facts, the leaders of this industry certainly are: China, USA, Russia, Germany, France, UK, UAE and Saudi Arabia, and Israel.

Q. Do you think a major cyber attack against a government network or a critical infrastructure is possible in the next year?

A. Yes, as it is one of today's main interests of bad actors, whether state-sponsored or ordinary criminals.

Q. Do you think it is possible that a Stuxnet like malware is already operating on the Internet?

A. You never know, but I think that the topic of backdooring embedded systems or distributing malware to PLC/RTU/SCADA is still very relevant, and has not been dropped from the plans of the intelligence community.

Dan Clements: IntelCrawler President, former president of Cardcops, one of the first cybercrime intelligence companies, which worked with major banks in the US on compromised data recovery.

Andrey Komarov: IntelCrawler CEO, author of the OWASP SCADA Security Project. Expert in critical infrastructure protection (CIP) and SCADA security assessment. Responsible for cyber intelligence and e-crime intelligence topics in the company, as well as for R&D on Big Data and IPv4/IPv6 address space research.

Users in Iran call the Internet the "Filternet" because of the heavily censored Internet access they have. Millions of Iranians use VPN servers to access the outside world.

In October 2013, Twitter co-founder Jack Dorsey asked the Iranian President, 'Are citizens of Iran able to read your tweets?' In reply, the President said that he would work to make sure Iranians have access to information globally, in what appears to be a reference to reducing online censorship.

Just after promising to support Internet freedom, the Iranian Government has banned yet another web application, Cryptocat, a tool for secure, encrypted chat.

The app is well known for bringing encrypted communications to the masses, popular with human rights activists and journalists around the world.

According to 'Blockediniran.com', the Cryptocat website and the associated private chat service have been inaccessible to users in Iran since Monday.

'It currently appears that Cryptocat is the first and only encrypted chat application to be censored in Iran,' the blog post says.

'Cryptocat’s main objective is to provide easy to use, accessible private chat around the world. We will do everything we can to allow our users in Iran access to Cryptocat, along with the rest of the world.'

But Iranian users can still use Cryptocat. The team provides its chat service via the Tor network on a hidden website, 'catmeow2zuqpkpyw.onion', which can be accessed only using Tor software.

'We’re doing the best we can, and we believe that Cryptocat offers legitimate privacy by employing impressive encryption measures.'

Possibly the Cryptocat service was used by some political groups that the Iranian government was targeting; other such encrypted apps are still working and not yet banned in Iran. Cryptocat is available for Mac and as a plugin for Chrome and Firefox, and now includes Tor censorship circumvention technology built in.